Inferring Internet denial-of-service activity

David Moore, Colleen Shannon, Douglas J. Brown, Geoffrey M. Voelker, Stefan Savage 
May 2006 ACM Transactions on Computer Systems (TOCS), volume 24 issue 2 
Publisher: ACM Press 


In this article, we seek to address a simple question: "How prevalent are denial-of-service 
attacks in the Internet?" Our motivation is to quantitatively understand the nature of the 
current threat as well as to enable longer-term analyses of trends and recurring patterns 
of attacks. We present a new technique, called "backscatter analysis," that provides a 
conservative estimate of worldwide denial-of-service activity. We use this approach on 22 
traces (each coveri ... 

Keywords: Backscatter, denial-of-service, network measurement, network security 



SOS: secure overlay services

Angelos D. Keromytis, Vishal Misra, Dan Rubenstein 

August 2002 ACM SIGCOMM Computer Communication Review , Proceedings of the 
2002 conference on Applications, technologies, architectures, and 
protocols for computer communications SIGCOMM '02, volume 32 issue 4 

Publisher: ACM Press 




Denial of service (DoS) attacks continue to threaten the reliability of networking systems. 
Previous approaches for protecting networks from DoS attacks are reactive in that they 
wait for an attack to be launched before taking appropriate measures to protect the 
network. This leaves the door open for other attacks that use more sophisticated methods 
to mask their traffic. We propose an architecture called Secure Overlay Services (SOS)
that proactively prevents DoS attacks, geared toward supportin ... 



Keywords: denial of service attacks, network security, overlay networks 



Advertising and Security for E-Commerce: Protecting electronic commerce from
distributed denial-of-service attacks
Jose Brustoloni 






May 2002 Proceedings of the 11th international conference on World Wide Web 
WWW '02 

Publisher: ACM Press 


It is widely recognized that distributed denial-of-service (DDoS) attacks can disrupt 
electronic commerce and cause large revenue losses. However, effective defenses 
continue to be mostly unavailable. We describe and evaluate VIPnet, a novel value-added 
network service for protecting e-commerce and other transaction-based sites from DDoS 
attacks. In VIPnet, e-merchants pay Internet Service Providers (ISPs) to carry the 
packets of the e-merchants' best clients (called VIPs) in a privileged class ...

Keywords: denial of service, electronic commerce, quality of service 



4 Session 2: secure Web services: Designing a distributed access control processor for
network services on the Web
Reiner Kraft 

November 2002 Proceedings of the 2002 ACM workshop on XML security XMLSEC '02 
Publisher: ACM Press 


The service oriented architecture (SOA) is gaining more momentum with the advent of 
network services on the Web. A programmable and machine accessible Web is the vision 
of many, and might represent a step towards the semantic Web. However, security is a
crucial requirement for the serious usage and adoption of the Web services technology. 
This paper enumerates design goals for an access control model for Web services. It then 
introduces an abstract general model for Web services components, along ... 

Keywords: Web services, XML, access control, security 



5 Reviewed articles: On the robustness of router-based denial-of-service (DoS)
defense systems
Ying Xu, Roch Guerin 

July 2005 ACM SIGCOMM Computer Communication Review, volume 35 issue 3 
Publisher: ACM Press 


This paper focuses on "router-based" defense mechanisms, and whether they can provide
effective solutions to network Denial-of-Service (DoS) attacks. Router-based defenses 
operate either on traffic aggregates or on individual flows, and have been shown, either 
alone or in combination with other schemes, e.g., traceback, to be reasonably effective 
against certain types of basic attacks. Those attacks are, however, relatively brute-force, 
and usually accompanied by either significant increases in ... 

Keywords: denial-of-service, router-based defense 



IDMaps: a global internet host distance estimation service

Paul Francis, Sugih Jamin, Cheng Jin, Yixin Jin, Danny Raz, Yuval Shavitt, Lixia Zhang 
October 2001 IEEE/ ACM Transactions on Networking (TON), volume 9 issue 5 
Publisher: IEEE Press 

There is an increasing need to quickly and efficiently learn network distances, in terms of
metrics such as latency or bandwidth, between Internet hosts. For example, Internet 
content providers often place data and server mirrors throughout the Internet to improve 
access latency for clients, and it is necessary to direct clients to the nearest mirrors based 
on some distance metric in order to realize the benefit of mirrors. We suggest a scalable 
Internet-wide architecture, called IDMaps, which m ... 

Keywords: Distributed algorithms, modeling, network service, scalability 

Papers: An analysis of using reflectors for distributed denial-of-service attacks
Vern Paxson 

July 2001 ACM SIGCOMM Computer Communication Review, volume 31 issue 3 
Publisher: ACM Press 


Attackers can render distributed denial-of-service attacks more difficult to defend against 
by bouncing their flooding traffic off of reflectors; that is, by spoofing requests from the 
victim to a large set of Internet servers that will in turn send their combined replies to the 
victim. The resulting dilution of locality in the flooding stream complicates the victim's 
abilities both to isolate the attack traffic in order to block it, and to use traceback 
techniques for locating the source ... 

Towards an evolvable internet architecture 
Sylvia Ratnasamy, Scott Shenker, Steven McCanne 

August 2005 ACM SIGCOMM Computer Communication Review , Proceedings of the 
2005 conference on Applications, technologies, architectures, and 
protocols for computer communications SIGCOMM '05, volume 35 issue 4 

Publisher: ACM Press 


There is widespread agreement on the need for architectural change in the Internet, but 
very few believe that current ISPs will ever effect such changes. In this paper we ask 
what makes an architecture evolvable, by which we mean capable of gradual change led 
by the incumbent providers. This involves both technical and economic issues, since ISPs 
have to be able, and incented, to offer new architectures. Our study suggests that, with 
very minor modifications, the current Internet architecture co ... 

Keywords: anycast, network architecture 



9 Survey of network-based defense mechanisms countering the DoS and DDoS
problems

Tao Peng, Christopher Leckie, Kotagiri Ramamohanarao

April 2007 ACM Computing Surveys (CSUR), volume 39 issue 1
Publisher: ACM Press 


This article presents a survey of denial of service attacks and the methods that have been 
proposed for defense against these attacks. In this survey, we analyze the design 
decisions in the Internet that have created the potential for denial of service attacks. We 
review the state-of-art mechanisms for defending against denial of service attacks, 
compare the strengths and weaknesses of each proposal, and discuss potential 
countermeasures against each defense mechanism. We conclude by highligh ... 

Report of the national workshop on internet voting: issues and research agenda
C. D. Mote 

May 2002 Proceedings of the 2002 annual national conference on Digital 
government research dg.o '02 

Publisher: Digital Government Research Center 




11 Report of the national workshop on internet voting: issues and research agenda
C. D. Mote

May 2000 Proceedings of the 2000 annual national conference on Digital 
government research dg.o '00 

Publisher: Digital Government Research Center 


As use of the Internet in commerce, education and personal communication has become 
common, the question of Internet voting in local and national elections naturally arises. In 
addition to adding convenience and precision, some believe that Internet voting may 
reverse the historical and downward trend of voter turnout in the United States. For these 
reasons President Clinton issued a memorandum in December 1999 requesting that the 
National Science Foundation examine the feasibility of online (In ... 

12 Network support for IP traceback

Stefan Savage, David Wetherall, Anna Karlin, Tom Anderson 

June 2001 IEEE/ACM Transactions on Networking (TON), volume 9 issue 3 

Publisher: IEEE Press 


This paper describes a technique for tracing anonymous packet flooding attacks in the 
Internet back toward their source. This work is motivated by the increased frequency and 
sophistication of denial-of-service attacks and by the difficulty in tracing packets with 
incorrect, or "spoofed," source addresses. In this paper, we describe a general purpose 
traceback mechanism based on probabilistic packet marking in the network. Our approach 
allows a victim to identify the network pat ... 

Keywords: computer network management, computer network security, network 
servers, stochastic approximation, wide-area networks 




13 Practical network support for IP traceback

Stefan Savage, David Wetherall, Anna Karlin, Tom Anderson 

August 2000 ACM SIGCOMM Computer Communication Review , Proceedings of the 
conference on Applications, Technologies, Architectures, and Protocols 
for Computer Communication SIGCOMM '00, volume 30 issue 4 
Publisher: ACM Press 


This paper describes a technique for tracing anonymous packet flooding attacks in the 
Internet back towards their source. This work is motivated by the increased frequency 
and sophistication of denial-of-service attacks and by the difficulty in tracing packets with
incorrect, or "spoofed", source addresses. In this paper we describe a general purpose
traceback mechanism based on probabilistic packet marking in the network. Our approach 
allows a victim to identify the network path(s) trave ... 

14 Denial-of-service: A framework for classifying denial of service attacks 
Alefiya Hussain, John Heidemann, Christos Papadopoulos

August 2003 Proceedings of the 2003 conference on Applications, technologies,
architectures, and protocols for computer communications SIGCOMM '03

Publisher: ACM Press 


Launching a denial of service (DoS) attack is trivial, but detection and response is a 
painfully slow and often a manual process. Automatic classification of attacks as single- or 
multi-source can help focus a response, but current packet-header-based approaches are 
susceptible to spoofing. This paper introduces a framework for classifying DoS attacks 
based on header content, and novel techniques such as transient ramp-up behavior and 
spectral analysis. Although headers are easily forged, we sho ... 

Keywords: denial of service attacks, measurement, security, time series analysis 



15 Rethinking the design of the Internet: the end-to-end arguments vs. the brave new
world.

Marjory S. Blumenthal, David D. Clark 

August 2001 ACM Transactions on Internet Technology (TOIT), volume 1 issue 1
Publisher: ACM Press 


This article looks at the Internet and the changing set of requirements for the Internet as 
it becomes more commercial, more oriented toward the consumer, and used for a wider 
set of purposes. We discuss a set of principles that have guided the design of the 
Internet, called the end-to-end arguments, and we conclude that there is a risk that the 
range of new requirements now emerging could have the consequence of compromising 
the Internet's original design principles. Were ... 

Keywords: ISP, Internet, end-to-end argument 



16 Addressing reality: an architectural response to real-world demands on the evolving
Internet

David D. Clark, Karen Sollins, John Wroclawski, Ted Faber 

August 2003 ACM SIGCOMM Computer Communication Review , Proceedings of the 
ACM SIGCOMM workshop on Future directions in network architecture 
FDNA '03, volume 33 issue 4
Publisher: ACM Press 


A system as complex as the Internet can only be designed effectively if it is based on a 
core set of design principles, or tenets, that identify points in the architecture where there 
must be common understanding and agreement. The tenets of the original Internet 
architecture [6] arose as a response to the technical, governmental, and societal 
environment of internetworking's earliest days, but have remained central to the Internet 
as it has evolved. In light of the increasing integration of the ... 

17 Scalable multicast based filtering and tracing framework for defeating distributed DoS
attacks

Jangwon Lee, Gustavo de Veciana 

January 2005 International Journal of Network Management, volume 15 issue 1
Publisher: John Wiley & Sons, Inc. 


In this paper we present a distributed scalable framework to support on-demand filtering
and tracing services for defeating distributed denial of service attacks. Our filtering 
mechanism is designed to quickly identify a set of boundary filter locations so that attack 
packets might be dropped as close as possible to their origin(s). We argue that precisely 
identifying the origins of an attack is not achievable when there is only a partial 
deployment of tracing nodes— as is likely to be the case ... 

18 Evaluation and testing of internet firewalls
Khalid Al-Tawil, Ibrahim A. Al-Kaltham 

May 1999 International Journal of Network Management, volume 9 issue 3 
Publisher: John Wiley & Sons, Inc. 


In this article we propose a testing methodology for evaluating Internet firewalls and 
apply it to compare two popular firewalls. Copyright © 1999 John Wiley & Sons, Ltd. 

19 Editor^ internet: fundamentals and measurement 
Thrasyvoulos Spyropoulos, Serge Fdida, Scott Kirkpatrick

March 2007 ACM SIGCOMM Computer Communication Review, volume 37 issue 2
Publisher: ACM Press 


While the Internet is hardly "broken", it has proved unable to integrate new ideas, new 
architectures, and provide paths for future integration of data, voice, rich media and 
higher reliability. The reason is that the basic concept of the Internet as an end-to-end 
packet delivery service has made its middle layer, networking services through TCP/IP, 
untouchable. If we wish to see any disruptive enhancements to security, routing flexibility 
and reliability, and robust quality of service guaran ... 

Keywords: COST, arcadia, federation, future internet, monitoring, testbeds, 
virtualization 



20 Defense against spoofed IP traffic using hop-count filtering
Haining Wang, Cheng Jin, Kang G. Shin 

February 2007 IEEE/ACM Transactions on Networking (TON), volume 15 issue 1
Publisher: IEEE Press 


IP spoofing has often been exploited by Distributed Denial of Service (DDoS) attacks to: 
1) conceal flooding sources and dilute localities in flooding traffic, and 2) coax legitimate 
hosts into becoming reflectors, redirecting and amplifying flooding traffic. Thus, the ability 
to filter spoofed IP packets near victim servers is essential to their own protection and
prevention of becoming involuntary DoS reflectors. Although an attacker can forge any 
field in the IP header, he cannot falsify t ... 

Keywords: DDoS attacks, IP spoofing, hop-count, host-based 

An internet service provider (ISP) VPN network comprising: a plurality of ... said second
IP address in response to a Distributed Denial of Service (DDOS) ...

TFN was the first highly visible distributed denial of service attack tool to ... The current
tools use the same target IP address for the duration of the ...

Distributed Denial of Service Attacks-The Internet Protocol ...
[10] T. Peng, C. Leckie, and K. Ramamohanarao, "Detecting Distributed Denial of Service
Attacks Using Source IP Address Monitoring," The University of ...

Distributed Denial of Service - Protecting Critical Systems | Web ...

Distributed Denial of Service (DDOS) attacks are a significant threat to the ... Internet
Service Providers are in the best position to protect customers ...